Last week, NetCease was published via Microsoft. This new anti-surveillance tool is the product of a development team that was headed by a duo of researchers (Italy Grady and Tal Be’ery) from the technology giant. Per its developers, this device is able to assist administrators in the defending of their networks in regards to malicious probe.
Reconnaissance attack, which the malicious probe is known as, is a network scan that either occurs before a breach in order to determine entry points for the hazardous software to enter. The second method is via malware searching to sensitive nodes to wage an attack on a network. Therefore, NetCease is a command-line script designed for the latter form of attack.
Moreover, NetCease will protect a network from the gathering of data via local computers. This particular operation is achieved through the use of the function, NetSessionEnum.
Do note that computers that are on a corporate network find themselves committed to a master domain controller. With that being said, without authentication, anyone is abNetSessionEnum function to pry into a computer on the network. Via the function, hackers would [potentially] be able to network session times, usernames, IP addresses and more with relative ease.
Do to the fact that such sessions take less than two hours, any attacker would be provided with more than enough time to survey the network for weak points that can be confronted. Microsoft Launched NetCease
Per the Microsoft developers, NetCease is a command-line script that will allow administrators the ability to operate all the computers within their network. Basically, NetCease is able to work on the registry of a computer by altering the key that is in control of a computer’s access permissions. This will prevent persons that are not authorized from extracting any amount of data from a local computer within a respective network.
The registry of the computer would have to be manually edited in order for the default settings on the network to be adjusted. The code written by the developers should, plausibly, prevent security attackers from surveillance information.
The script stimulated admittance to the NetSessionEnum function so that permission to execute for authenticated user had been rescinded. Supplementary permissions are specified to administrators as well as system operators so that they can call upon this function remotely and activate an interactive session.
For those interested in NetCease, it is currently available for download via Microsoft Portal.